
Configuration

Configure the OSO Kafka Backup Operator with Helm values.

Complete Values File

values.yaml
replicaCount: 1

image:
  repository: ghcr.io/osodevops/kafka-backup-operator
  pullPolicy: Always
  tag: "" # Defaults to the chart appVersion

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  create: true
  annotations: {}
  name: ""

azureWorkloadIdentity:
  enabled: false
  clientId: ""

podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "8080"
  prometheus.io/path: "/metrics"

podSecurityContext:
  runAsNonRoot: true
  runAsUser: 1000
  fsGroup: 1000

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL

service:
  type: ClusterIP
  port: 8080
  annotations: {}

resources:
  requests:
    cpu: 100m
    memory: 128Mi
  limits:
    cpu: 500m
    memory: 512Mi

nodeSelector:
  kubernetes.io/os: linux

tolerations: []
affinity: {}

extraVolumes: []
extraVolumeMounts: []
extraEnv: []

logging:
  level: "info,kafka_backup_operator=debug"
  format: json

metrics:
  enabled: true
  serviceMonitor:
    enabled: false
    interval: 30s
    scrapeTimeout: 10s
    labels: {}

crds:
  install: true
  keep: true

leaderElection:
  enabled: false
  leaseDuration: 15s
  renewDeadline: 10s
  retryPeriod: 2s

Image Configuration

image:
  repository: ghcr.io/osodevops/kafka-backup-operator
  tag: "1.0.0"
  pullPolicy: Always

The chart defaults the image tag to appVersion, so chart 1.0.0 deploys ghcr.io/osodevops/kafka-backup-operator:1.0.0 unless you override image.tag.

Azure Workload Identity

azureWorkloadIdentity:
  enabled: true
  clientId: <managed-identity-client-id>

When azureWorkloadIdentity.enabled is true, the chart annotates the service account and labels the pod template with azure.workload.identity/use: "true". The operator can then use federated identity for Azure Blob Storage when storage.azure.useWorkloadIdentity: true is set on a CRD.

Extra Environment and Mounts

Use extraVolumes, extraVolumeMounts, and extraEnv for custom CA bundles or S3-compatible endpoint settings.

extraVolumes:
  - name: internal-ca
    secret:
      secretName: internal-ca-bundle

extraVolumeMounts:
  - name: internal-ca
    mountPath: /etc/internal-certs
    readOnly: true

extraEnv:
  - name: SSL_CERT_FILE
    value: /etc/internal-certs/ca.crt

Metrics

metrics:
  enabled: true
  serviceMonitor:
    enabled: true
    interval: 30s
    scrapeTimeout: 10s
    labels:
      release: prometheus

The operator exposes metrics on port 8080. The Helm chart also sets default Prometheus scrape annotations on the pod.

High Availability

replicaCount: 2

leaderElection:
  enabled: true
  leaseDuration: 15s
  renewDeadline: 10s
  retryPeriod: 2s

Enable leader election when running more than one replica.

Applying Configuration

helm repo add oso https://osodevops.github.io/helm-charts/
helm repo update

helm upgrade --install kafka-backup-operator oso/kafka-backup-operator \
  --namespace kafka-backup \
  --create-namespace \
  --values values.yaml

Validation

helm template kafka-backup-operator oso/kafka-backup-operator \
  --namespace kafka-backup \
  --values values.yaml
helm get values kafka-backup-operator -n kafka-backup --all
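
The merged values from the command above can also be checked mechanically. The following is an added example, not part of the chart or the operator project: it reads the JSON form of the merged values (helm get values ... --all -o json) and flags overrides that weaken the hardened security-context defaults in the complete values file, or that run more than one replica without leader election. The names audit_values, lookup and SAMPLE, and the sample override itself, are constructed for illustration.

```python
import json
import sys

# Hardened defaults taken from the complete values file on this page.
EXPECTED = {
    ("podSecurityContext", "runAsNonRoot"): True,
    ("securityContext", "allowPrivilegeEscalation"): False,
    ("securityContext", "readOnlyRootFilesystem"): True,
}


def lookup(values, *path):
    """Walk nested dicts; return None when a key on the path is missing."""
    node = values
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit_values(values):
    """Return a list of findings for a merged values document (a dict)."""
    findings = []
    for path, want in EXPECTED.items():
        got = lookup(values, *path)
        if got is not want:
            findings.append(f"{'.'.join(path)} is {got!r}, chart default is {want!r}")
    if "ALL" not in (lookup(values, "securityContext", "capabilities", "drop") or []):
        findings.append("securityContext.capabilities.drop no longer contains ALL")
    # Page rule: enable leader election when running more than one replica.
    replicas = lookup(values, "replicaCount") or 1
    if replicas > 1 and lookup(values, "leaderElection", "enabled") is not True:
        findings.append(f"replicaCount is {replicas} but leaderElection.enabled is not true")
    return findings


# Constructed sample: an override that weakens two defaults and scales to 2 replicas.
SAMPLE = {
    "replicaCount": 2,
    "leaderElection": {"enabled": False},
    "podSecurityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 1000},
    "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": False,
                        "capabilities": {"drop": []}},
}

if __name__ == "__main__":  # usage: python audit.py merged-values.json
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    problems = audit_values(doc)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run without arguments it audits the constructed sample; the non-zero exit status on findings lets it gate a deployment pipeline.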
